If a rule-based IDS learns rules interactively based on packets seen…
May. 5th, 2026 @ 01:19 pm
Date: May 5th, 2006 10:56 pm (UTC)
would it be possible to carefully exploit that to insert rules of your choosing?
Almost certainly. Letting live Internet traffic automatically influence your security mechanisms is typically just asking for trouble.
Date: May 6th, 2006 04:52 am (UTC)
Only if the concept doesn't drift, though, I think. A single malicious burst of traffic would be caught by a basic anomaly detector, so it would have to be spread out... and in that time, you would have to assume the paradigms you started with when developing the attack still apply.
I'm thinking about this because I'm trying to figure out why the IDSs in the real world are primitive from a machine learning standpoint, and I think I've got the major problems narrowed down to this one, and the fact that there are no really good comparative studies outside of the space of user-data.
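The two positions in this exchange (a burst gets caught by a basic anomaly detector; a slow, spread-out change is the dangerous case when live traffic shapes the detector) can be made concrete with a small simulation. The following is an added example, not code from the thread: it models a detector whose threshold is an exponentially weighted moving average of the traffic it has accepted, feeds it two constructed traffic series (a single burst, and a gradual 5% per-window rise), and then shows the defensive counterpart, a baseline pinned at deployment time that bounds how far live traffic is allowed to move the threshold. The function names, the `max_drift` parameter and all traffic figures are assumptions constructed for the illustration.

```python
# Added example, not from the LiveJournal thread. Traffic samples are
# constructed packets-per-second values per time window; no real captures.

def run_detector(samples, alpha=0.1, k=3.0, max_drift=None):
    """Adaptive-threshold anomaly detector.

    baseline:  EWMA of the samples it accepted, so live traffic shapes it.
    reference: the baseline pinned at deployment. With max_drift set, the
               baseline may never count as more than reference * max_drift,
               so a slow upward drift eventually trips the threshold
               instead of being learned.
    Returns (flagged_indices, final_baseline).
    """
    reference = baseline = float(samples[0])
    flagged = []
    for i, x in enumerate(samples):
        effective = baseline
        if max_drift is not None:
            effective = min(baseline, reference * max_drift)
        if x > k * effective:
            flagged.append(i)   # rejected samples do not feed the baseline
        else:
            baseline = (1 - alpha) * baseline + alpha * x
    return flagged, baseline


def burst_traffic():
    """Constructed: steady 100 pps, one 1000 pps burst, steady again."""
    return [100] * 20 + [1000] + [100] * 10


def drift_traffic(steps=60, growth=1.05):
    """Constructed: 100 pps rising 5% per window, never jumping."""
    return [100 * growth ** n for n in range(steps)]


if __name__ == "__main__":
    for name, traffic in (("burst", burst_traffic()), ("drift", drift_traffic())):
        for cap in (None, 2.0):
            flagged, baseline = run_detector(traffic, max_drift=cap)
            print(f"{name:5s} max_drift={cap}: flagged={flagged[:3]}... "
                  f"count={len(flagged)} final_baseline={baseline:.0f}")
```

With `max_drift=None` the burst is flagged at window 20 while the gradual rise is never flagged and ends with a baseline more than ten times the original; with `max_drift=2.0` the burst result is unchanged and the rise is flagged from window 37 onward. The point for a learning IDS is the same as the thread's: anything that updates itself from unreviewed traffic needs an external reference (a pinned baseline, a held-out validation set, or a human approval step) that the traffic cannot move.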